Cybercrime is on the rise, and we’re all vulnerable.
The FBI’s Internet Crime Complaint Center fielded 800,944 complaints reporting losses of more than $10.3 billion from suspected internet scams in 2022. On the dark web, Social Security numbers, passports and credit card information sell for as little as $1.
“Everyone’s information is available,” says cybersecurity expert Brett Johnson.
Johnson, a former cybercriminal who once ran a popular online identity theft ring, says being aware of the dangers around cyber attacks isn’t enough. If you want to avoid becoming a victim, you need to take action.
“You can't wait for someone to protect you," he says. "You have to try to protect yourself.”
Table of contents
- Step one: Think like a hacker
- Step two: Protect yourself like one
- Step three: Treat social media like the threat it is
- Step four: Protect yourself online
- Step five: Stay informed about new scams and cyber threats
- Protecting yourself online FAQs
Step one: Think like a hacker
Johnson knows a thing or two about cyber attacks. Between 2002 and 2004, he ran ShadowCrew, credited as the first forum for cybercriminals to share tips on hacking, credit card fraud and various other scams.
These days, Johnson works as a cybersecurity consultant and public speaker, and he's dedicated to helping people avoid falling victim to cybercrime.
His advice varies from person to person. Someone who works in upper management at the top of the corporate ladder might get hit with sophisticated cyber attacks aimed at installing ransomware in their company’s network. (Often, this kind of attack paralyzes their company’s operations until they agree to pay a ransom.) Other people might fall victim to identity theft or credit card fraud.
Understanding your place in this "cybercrime spectrum" will allow you to protect yourself accordingly, Johnson says.
Regardless, who gets hit first is not determined by algorithm or strategy, he says. It’s all ease of execution.
“It boils down to who is an easier victim,” he says. "Who is that lowest-hanging fruit?"
Hackers send phishing emails with links or attachments designed to steal your sensitive information like passwords or financial information. If you hover your cursor over the link, you can see the actual URL address. If the URL address looks strange or incorrect, you can determine it’s a phishing scam. Make sure never to click on a link or download an attachment from a text message or email unless you’re absolutely sure you know who it’s from.
It’s also crucial to download new apps through secure platforms, such as the App Store for iPhones or Google Play Store for Android devices. Never use an external link to download an app.
Step two: Protect yourself
The best deterrent for cybercrime is making a criminal think you're not worth the effort. And Johnson says, "You can be better protected than 90% of the people out there" with these three steps:
Use a password manager
Most people use the same password, or variations of the same password, across their digital existence. So if just one of their credentials falls into the wrong hands, they can end up losing everything from their Gmail account to their online banking logins.
The solution, Johnson says, is a password manager. With the help of this software, you can generate a unique and strong password for every one of your online accounts — all stored behind an encrypted key known as a master password.
Monitor your credit
Sites like Credit Karma and Experian offer credit monitoring services that alert you of any suspicious activity on your accounts or if your information has been compromised in a data breach. Some even notify you if your information has been spotted for sale on the dark web. Many credit monitoring services are free and offer premium features as an upgrade.
Freeze your credit
A credit freeze can be an effective tool even if you've never been a victim of identity theft, Johnson says.
It restricts access to your credit report, making it impossible for credit card scammers to open up a new line of credit under your name. Freezes don't prevent unauthorized credit card purchases, and you'll have to unfreeze your credit if you want to, say, open up a new credit card. But the process is completely free and usually takes effect immediately.
While using password managers or creating strong passwords can make gaining access to your personal data difficult, using two-factor authentication will offer even more identity protection. Two-factor authentication will ask for a password as well as a randomly generated passcode that gets sent to your mobile device or email. The second factor can also be biometric information, such as a fingerprint or face scan. If you use cryptocurrency, even though cryptography is used to ensure safe transactions, it’s a good idea to enable two-factor authentication for added protection.
Step three: Treat social media like the threat it is
Posting an overabundance of information, photos, geo-tags and other data on your social media accounts gives bad guys some key resources to act against you.
Mother’s maiden name? There’s that selfie with a tag. Alma mater? Check out the pic from last year’s reunion. It’s all there.
“Criminals will go through every single bit of social media to find anything they can use to their advantage,” says Johnson. Carelessly volunteering all this data can become a big liability.
Be careful about what you post. Check your privacy settings, and make sure you're not revealing your location or using the same password to log into third-party websites. It's also a good idea to go over your “friend” list with a fine-tooth comb, Johnson says.
"Do you actually know your 10,000 'friends?'" he says. " If you don't, why on earth are you sharing anything with them?”
Hackers may post surprising or unexpected links to videos on social networks and entice you to click on them. Clicking on the links may download malware onto your computer, which hackers use to collect your data and spy on your activity. Try doing an online search for the video’s title on Google or YouTube and see what results come up. If the link is a scam, someone probably has already reported the video link.
Step four: Protect yourself offline too
New scams have emerged, looking to cheat people out of their money. Widescale uncertainty adds to the problem, with many Americans lowering their guard due to work-from-home arrangements and other new responsibilities. And while many of the scams people fall victim to have been around for decades, they're becoming more sophisticated every day.
"Spoof calls"— fake calls that appear to come from a police station, hospital or social security office — are a prime example. Getting these kinds of calls forces most people to react emotionally while proper reasoning takes a back seat.
Let’s say you get a call informing you that something terrible will happen unless you hand over some money. Maybe you’re being told that your last few child support payments have bounced or that your grandson is in jail and needs bail money.
Even if you're skeptical, simply engaging with these scammers can be harmful, Johnson says. The person on the other end can use whatever you tell them to fill in the blanks on the profile they're creating of you and your household. (Saying something as innocuous as "stop calling my house," for instance, confirms that you're on a residential phone that another family member might also use.)
The best advice, Johnson says, is to hang up the phone.
Beware of new AI voice clone scams. Thieves are using artificial intelligence (AI) technology to clone voices found on the internet. These cybercriminals could use AI voices to call family members, pretending to be in desperate situations and in need of money. If a friend or family member has videos or voice clips on social media or YouTube, scammers can synthesize that voice to say anything.
One way to combat this is to ask a personal question that the scammer wouldn't know. These phone calls won't be coming through the friend or family member's actual phone number, so you can also try to contact the person via their real number to make sure they are who they say they are.
Step five: Stay informed about new scams and cyber threats
New scams and cyber threats are popping up daily. With new AI technology changing how scammers can get people to hand over their personal information, it's vital to keep up to date with the newest tactics.
One way to learn about the newest developments that scammers, hackers and cybercriminals are using is to keep up with online news and blogs focusing on cyber security. You can also sign up for email newsletters on the topics or follow cybersecurity experts on social media. Also, ensure you know how to check for identity theft so you can take action right away if something happens.
The best way to protect yourself online is by remaining aware and working to recognize when someone may be trying to take advantage of you. Always consider what information you have available online, even when it's password-protected. Streamlining your online presence can help prevent hackers from obtaining information that can be used against you.
Protecting Yourself Online FAQs
How do I create strong and unique passwords?
To create a strong and unique password, don't use personal information that may be available to the public. The longer you make your password, the more difficult it will be for hackers to figure out. Adding uppercase and lowercase letters, numbers and symbols will make your password increasingly difficult to decipher. Coming up with a random combination instead of using an actual word will further strengthen your password. If you find creating a password like this difficult, consider using a password generator.
What do I do if I receive suspicious emails or messages?
Are there reliable antivirus software programs?
How do I avoid falling victim to phishing and online fraud?
How can I ensure the safety of my personal information while using public Wi-Fi networks?
If possible, avoid public WI-Fi if you're accessing any apps or sites with sensitive information, including bank accounts and shopping sites like Amazon. Be careful not to enter your debit or credit card numbers into a website while using public Wi-Fi if you don't have other protection installed.